models: user affiliations schema disallow html attrs #459
Conversation
cd73eb5 to a54a2d4
invenio_accounts/profiles/dicts.py
Outdated
except ValidationError as error: | ||
raise ValueError(f"Validation failed: {error}") | ||
return data |
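Review bot: `raise ValueError(f"Validation failed: {error}")` in the except branch flattens the caught `ValidationError` into a string, so callers lose the structured per-field messages it carries, and without `from error` the original exception survives only as implicit context in the traceback. Either let `ValidationError` propagate or re-raise with `raise ValueError(...) from error`, and document which one callers should expect.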
Is it needed? The code should probably not reach here.
If schema is None it acts as a normal dict...
In this case, minor for readability:
return data | |
def _validate(self, data): | |
"""Validate the data with the dictionary's schema and return the valid value.""" | |
if self._schema is None: | |
return data | |
try: | |
# without schema, we basically revert to a normal dictionary | |
# with more overhead | |
return self._schema.load(data) | |
except ValidationError as error: | |
raise ValueError(f"Validation failed: {error}") |
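Review bot: the comment `# without schema, we basically revert to a normal dictionary` / `# with more overhead` now sits inside the `try` directly above `self._schema.load(data)`, where the schema is known to be present; it describes the `if self._schema is None: return data` branch and should move above that early `return`. The reordering itself reads fine.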
a54a2d4 to 8b9dd82
@@ -43,7 +44,8 @@ class UserProfileSchema(Schema): | |||
"""The default user profile schema.""" | |||
|
|||
full_name = fields.String() | |||
affiliations = fields.String() |
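Review bot: `affiliations = fields.String()` accepts whatever text is submitted unchanged, so any markup and tag attributes are stored verbatim and escaping at render time becomes the only protection. If the intent, per the PR title, is to disallow HTML attributes while still storing HTML, keep the sanitised-HTML field and restrict the attributes it allows instead, and add a test asserting that an input carrying a tag attribute is stored without it.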
This is not correct. We use sanitised HTML when we want to store and output HTML, and string when we just want text.
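An added example (not invenio-accounts code; standard library only, function and whitelist names are constructed) contrasting the two conventions in the comment above: a sanitised-HTML path that keeps a small tag whitelist but drops every attribute, beside a plain-text path that treats the value as text only.

```python
"""Constructed example: 'sanitised HTML without attributes' versus 'plain text'
for a profile field such as affiliations. Not invenio-accounts code."""
from html import escape
from html.parser import HTMLParser

# Assumed whitelist of formatting tags worth keeping in a profile field.
ALLOWED_TAGS = {"b", "i", "em", "strong", "br"}


class _AttrStrippingSanitizer(HTMLParser):
    """Rebuild the input keeping only whitelisted tags and no attributes,
    so nothing like href, src, style or on* handlers survives on any tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        # attrs are deliberately discarded, whatever they are
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # text between tags is re-escaped so it can never become markup
        self.out.append(escape(data, quote=False))


def sanitize_html_no_attrs(value: str) -> str:
    """Store-and-output-as-HTML convention: markup kept, attributes removed."""
    parser = _AttrStrippingSanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


def plain_text(value: str) -> str:
    """Text-only convention: nothing is interpreted as markup; escape on output."""
    return escape(value)


if __name__ == "__main__":
    sample = '<b onclick="x()">CERN</b> &amp; <a href="http://example.invalid">Uni</a>'
    print(sanitize_html_no_attrs(sample))
    print(plain_text(sample))
```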